Affected OS: Win95/98/Me/2000/XP
Filesize: 1 368
Packed by: -
AUTORUN.FCB
Autorun.ico
Autorun.~ex
autorun.txt
autorun.inf_被屏蔽木马
autorun.inf
autorun.reg
Autorun.ini
autorun.bat
autorun.vbs
autorun.wsh
autorun.bin
autorun.srm
Autorun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="userinit.exe,autorun.bat"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"ShowSuperHidden"=dword:00000000
1. Download the free Dr.Web CureIt! curing utility from an uninfected machine.
2. Disconnect the infected computer(s) from the local area network or from the Internet.
3. Enable the display of hidden and system files in any file manager.
4. Use Dr.Web CureIt! to scan all drives. Be sure to scan all external drives for VBS.Igidak. Apply the "Cure" option to all detected objects.
5. Add the following keys to the registry to restore it.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="userinit.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"ShowSuperHidden"=dword:00000001
You need to check the following registry keys for server versions of Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
"ValueName"="ShowSuperHidden"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden
@=""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
"ShowSuperHidden"=dword:00000001
HKEY_USERS\S-1-5-21-1718174493-3167834097-4179402766-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"ShowSuperHidden"=dword:00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41a44c3f-ccb0-11db-a16f-00112f178ee0}\Shell\open\Command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f78d75-f271-11db-835a-00112f178ee0}\Shell\open\Command
6. Delete the following files manually:
AUTORUN.FCB
Autorun.ico
Autorun.~ex
autorun.txt
autorun.reg
Autorun.ini
autorun.wsh
autorun.bin
autorun.srm
Autorun.exe
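To confirm step 5 took effect, the registry state can be checked from a regedit text export. The following is an added example, not part of the original description or any Dr.Web tool: it flags extra `Userinit` entries, `ShowSuperHidden` set to 0, and any `MountPoints2` `Shell\open\Command` key for review. The sample export, the all-zero GUID and the function names are constructed for illustration.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
ADVANCED = r"\software\microsoft\windows\currentversion\explorer\advanced"
MOUNTPOINT_CMD = re.compile(r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\}\\shell\\open\\command$")

# Constructed sample export (regedit text format); not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,autorun.bat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\open\Command]
@="autorun.bat"
'''

def parse_reg(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and "=" in line and line[0] in '"@':
            name, data = line.split("=", 1)
            yield key, name.strip('"'), data

def audit(text):
    """Return (finding, detail) tuples; Userinit may list only userinit.exe."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if MOUNTPOINT_CMD.search(k):
                findings.append(("mountpoint-command", key))
        elif k == WINLOGON and name.lower() == "userinit":
            entries = data.strip('"').replace("\\\\", "\\").split(",")
            extra = [e.strip() for e in entries if e.strip()
                     and e.strip().lower().rsplit("\\", 1)[-1] != "userinit.exe"]
            if extra:
                findings.append(("userinit-extra", ", ".join(extra)))
        elif k.endswith(ADVANCED) and name.lower() == "showsuperhidden":
            if data.lower().startswith("dword:") and int(data[6:], 16) == 0:
                findings.append(("superhidden-off", key))
    return findings
```

Exports in the "Version 5.00" format are UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `audit`.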